MalwareHunter spotted several campaigns using Facebook’s CDN servers in the last two weeks. The same group also used Dropbox and Google’s cloud storage services to store the same malicious payloads. The infection process starts with users receiving a spoofed email from the attackers. Attackers upload files in Facebook groups or other public sections, grab the file’s URL, and add it in spam emails. This technique of using local applications to hide malicious operations is known as “Squiblydoo
Source: security